[Snort-users] Malware detection with Snort
ram.nath241089 at ...11827...
Tue Nov 26 11:32:57 EST 2013
Snort comes with predefined rules that detect the "Network Trojan",
which might be helpful for dealing with the current malware
analysis, IMO. :)
Now, about the forensics approach, as Salvo said.
I would like to suggest a logging technique, i.e. exporting logs to a remote
log server using rsyslog, a free log management utility with
awesome community support. If your system gets compromised, you will have
a track of system activities with you thanks to the remote
log export, and can take countermeasures based on it, such as tuning Snort or
other security areas of your network, which will
prove to be a proactive approach.
Keep us posted about your experiments!!
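
The remote log export suggested above, sketched as an rsyslog configuration. This is an added example, not part of the original post. The collector name logs.example.internal, the file names, the queue size and the storage path are placeholders, and it assumes Snort 2.x writes alerts to syslog through "output alert_syslog: LOG_AUTH LOG_ALERT" in snort.conf.

```conf
# ---- Sensor side: /etc/rsyslog.d/60-snort-forward.conf (assumed file name) ----
# Forward Snort alerts and authentication events off the host as they happen,
# so a later compromise of the sensor cannot erase the record.
if ($programname == "snort") or
   ($syslogfacility-text == "auth") or
   ($syslogfacility-text == "authpriv") then {
    # TCP instead of UDP so delivery failures are noticed. The disk-assisted
    # queue buffers events while the collector is unreachable, and
    # resumeRetryCount -1 keeps retrying instead of dropping them.
    action(
        type="omfwd"
        target="logs.example.internal"
        port="514"
        protocol="tcp"
        queue.type="LinkedList"
        queue.filename="snort_fwd"
        queue.maxDiskSpace="1g"
        queue.saveOnShutdown="on"
        action.resumeRetryCount="-1"
    )
}

# ---- Collector side: /etc/rsyslog.d/10-remote.conf (assumed file name) ----
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")

# File the events by the address the connection came from, not by the
# hostname field inside the message, which the sender controls.
template(name="PerSensor" type="string"
         string="/var/log/remote/%fromhost-ip%/%programname%.log")

ruleset(name="remote") {
    action(type="omfile" dynaFile="PerSensor")
}
```

Plain TCP syslog is unencrypted and unauthenticated, so restrict port 514 on the collector to the sensor addresses.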